class UsersController < ApplicationController
  layout nil
  before_filter :authorize_admin

  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
    :redirect_to => { :action => :list }

  def users_list
    @users = User.find(:all, :conditions => ["login != ?", SUPERADMIN_LOGIN])
  end

  def new_user
    @user = User.new(:user_type_id => UserType::STUDENT[:id])
  end

  def create_user
    password = PasswordGenerator.generate
    params[:user][:password] = password
    @user = User.new(params[:user])

    if @user.save
      set_flash_info(FlashInfo.get_notice("User was successfully added."))
      NewUser.deliver_new_user(@user, password)
      redirect_to :action => :users_list
    else
      render :action => :new_user
    end
  end
  
  def edit_user
    @user = User.find(params[:id])
  end
  
  def update_user
    @user = User.find(params[:id])
    
    if @user.update_attributes(params[:user])
      set_flash_info(FlashInfo.get_notice("User was successfully updated."))
      redirect_to :action => :users_list, :id => @user
    else
      render :action => :edit_user
    end
  end
  
  def destroy_user
    if User.exists?(params[:id])
      User.find(params[:id]).destroy
    end
    redirect_to :action => :users_list
  end
end